FIM CM: OTP Distribution fails when using DefaultSecretProvider + Provision API
Hi All, I am encountering some strange behaviour while executing an Enroll request via Provision API. The relevant Profile Template's Enroll Policy is configured to use OTP distribution by mail. Now, depending on whether I select the "Default Password Provider" option or the "Custom Password Provider" option (with Microsoft.Clm.BusinessLayer.DefaultSecretProvider and provider data 1,12,30), the mail either gets sent or it doesn't: "Default Password Provider" + Enroll is executed using FIM CM GUI = Mail gets sent "Default Password Provider" + Enroll is executed using custom Provision API code = Mail gets sent "Custom Password Provider" + Enroll is executed using FIM CM GUI = Mail gets sent "Custom Password Provider" + Enroll is executed using custom Provision API code = Mail does not get sent Has anyone encountered this before and / or has any idea what this could be about? Thanks and best regards Nils Loeber
November 7th, 2011 10:20am

Hi Nils, have you bumped logging levels and seen anything useful there? Or any other useful errors? In general it's hard to troubleshoot something like this, in theory it could be something erroring out in your custom provisioning API, and it never get's to send the email... but if everything work with the "Default Password Provider", that shouldn't be the case. I'm successfully sending custom notifications on the event of "DistibuteSecrets" with Password Distribution set to "Do not distribute" - if I would set that to email, we would send two of them (one default and one custom). Piotr
Free Windows Admin Tool Kit Click here and download it now
November 12th, 2011 6:19pm

Hi Nils, I only used the Notification API (and just a little of Provisioning) to catch different events (like DistributeSecrets) in the request lifecycle and trigger something externally for them - send a custom html email, call a web service to log an external audit trail, etc. So I'm not 100% sure what .InitiateEnroll will do ... but using common sense, if you're initiating a enroll request for a defined template, all the items configured in the template should still apply ... for example sending the OTP. But then, we're not sure if FIM CM has anything to do with common sense :). From my experience, I've seen some weird random behavior from time to time. regards, Piotr
November 14th, 2011 9:40am

Hi Piotr, thank you very much for your reply! Unfortunately, I couldn't find anything helpful in the logs. What's worse: For reasons I cannot retrace, it now doesn't send mail at all using the Provision API! So maybe I was chasing a false lead all the time... One more question though: In your experience, when you initiate enroll via Provision API and secret distribution by mail is configured, does a mail get sent? Or do you have to trigger secret distribution explicitly by using RequestOperations.DistributeSecrets? In other words: Does RequestOperations.InitiateEnroll send mail automatically or does the Provision API always assume (by design) that the caller will trigger secret distribution explicitly? Thanks again and best regards Nils Loeber
Free Windows Admin Tool Kit Click here and download it now
November 15th, 2011 5:01am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics